Vulnerabilities > Miniorange > Ldap Integration With Active Directory AND Openldap > High

DATE CVE VULNERABILITY TITLE RISK
2023-01-17 CVE-2023-23749 Injection vulnerability in Miniorange Ldap Integration With Active Directory and Openldap 5.0.2
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter.
network
low complexity
miniorange CWE-74
7.5